IT & Web-tech

Hacker uses Heartbleed bug to retrieve private security keys , falsifies claims by security experts

heartbleed
Share on Facebook
Tweet about this on TwitterShare on Google+Share on StumbleUponShare on LinkedInPin on PinterestShare on Reddit

heartbleed A hacker has been successful in retrieving private security keys using the Heartbleed bug in Open SSL. The Verge reported this today.

“The hacker, Node.js team member Fedor Indutny, claimed on Twitter that he’d tracked down the SSL keys”, the Verge stated. The original tweet by the hacker is shown below :

 

 

Earlier this morning, content distribution network, Cloudfare had mentioned that “Heartbleed is not as bad as feared”. It also said that after 2 weeks of research by its team, they couldn’t exploit this bug to get access to a site’s private keys.

Now, completely contradicting these claims, the Hacker, Feder Indutny, who is a member of Node.js, claimed that he had successfully retrieved private security keys using the SSL bug. Later, Cloudfare itself confirmed hacker’s claim :

 

This being confirmed, now there is more frenzy among users using OpenSSL. Cloudfare has recommended people to change their passwords for security concerns.

The hacker later clarified that he won’t be disclosing the code he used to hack until all the security passwords have been changed.


 

With the kind of catastrophe this bug can bring, already displayed, many websites have started updating their security for SSL and have started recommending users to change their passwords, as soon as possible.

Editor-at-large and co-founder at The Tech Portal. He is a tech enthusiast with interests in new-age technology fields like Ai, Machine Learning, AR/VR, Outer Space and related stuff. Drop him a mail anytime, very reachable.


Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *